What is CoinJoin?

CoinJoin transactions were originally proposed by Bitcoin developer Gregory Maxwell in 2013. In his statement, he gave a brief overview of the structure of these transactions and how huge privacy gains can be made without making fundamental changes to the protocol. His stament can be found here: Bitcoin privacy for the real world

Basically, CoinJoin technology involves a combination of multiple user inputs in a single transaction. Before we explain how (and why), let's take a look at how exactly a regular bitcoin transaction is built.

Bitcoin transactions consist of inputs and outputs. When a user wants to make a transaction, he takes his UTXO data as input, specifies the output, and signs the input. It is important to remember that each input is signed independently and that users can set multiple outputs (at different addresses).

If we look at a given trade consisting of four inputs (0.2 BTC each) and two outputs (0.7 BTC and 0.09 BTC), we can make several different assumptions. First, we observe how the payment is made - the sender sends someone one of the exits and returns some of the rest to himself. Since four inputs were used, the greater output is likely to the receiver. Please note that we are missing 0.01 BTC in the exit that was transferred as a fee to the miner serving the transaction.

It is also possible that the sender wants to create a large UTXO from the smaller ones, so he consolidates the smaller entries to get the desired result of 0.7 BTC.

Another assumption we can make is that each entry has been signed independently. This transaction can have up to four different parties signing the input. This is the principle that makes CoinJoining effective.

How does CoinJoin work?

The point is that multiple parties will coordinate their efforts to create transactions, each of which provides the inputs and the desired outcomes. Since all the inputs are concatenated, it is not possible to say with certainty which output belongs to which user.

Let's take an example including four participants who want to break the link between transactions. They coordinate activities among themselves (or through a dedicated coordinator) to assign inputs and outputs that they would like to include. 

The coordinator will take all this information, turn it into a transaction, and have each participant sign it before transmitting to the network. Once signed by users, transactions cannot be modified without expiring. Therefore, there is no risk that the coordinator will run away with the funds. 

The transaction serves as a sort of black box for mixing cryptocurrencies. Remember that we are effectively destroying UTXOs to create new ones. The only link between the old and the new UTXO we have is the transaction itself, but of course we can't distinguish between its participants. At best, we can say that the participant has provided one of the inputs and is perhaps the new owner of the output.

But even that is by no means guaranteed. Looking at the above transaction, who will say that there were surely four participants? Is this one person sending funds to four addresses? Two people making two separate purchases and returning 0.2 BTC back to their addresses? Four people send to new participants or to each other? We cannot be sure.

Privacy through distrust

The mere fact that CoinJoin implementations exist is enough to call into question the methods used to analyze transactions. You can infer that CoinJoin happened in a lot of cases, but it still doesn't give you information about who the new owner of the coins is. As popularity grows, the assumption that all inputs are owned by the same user weakens - and creates a huge leap in privacy in the wider cryptocurrency ecosystem.

In the previous example, we say that the transaction had an anonymity set of 4 - any of the four participants involved could own the result. The larger the anonymity set, the less likely the transactions are to be trackable to the original owner. Fortunately, recent CoinJoin implementations make users feel free to combine their input with dozens of others, ensuring a high degree of contradiction.has recently been successfully completed 100-person transaction

Conclusions concerning anonymity and Coinjoin

Coin mixing tools are an important addition to the arsenal of any user who takes their privacy seriously. Unlike the proposed privacy updates (such as Confidential Transactions), they comply with the protocol as it stands. 

For those who trust honesty and third party methodology, mixer services are an interesting and easy-to-use alternative. For those who prefer a verifiable and non-custodial alternative, CoinJoin will be a better option. CoinJoin can be used manually - for technically advanced users or with the help of specialized software tools that extract more complex mechanisms. There are already several such tools that continue to grow in popularity as cryptocurrency users strive for greater privacy.